Via
FastCoExit:
“Spyware like FinFisher contributes to a multi-billion
dollar business. But until last week, activists had few ways to
defend themselves, aside from the well-placed bit of duct tape over
the computer camera and rigorous digital hygiene practices. That’s
why Amnesty International, Privacy International, Digitale
Gesellschaft, and the Electronic
Frontier Foundation rolled out a new tool, called Detekt,
that lets you know when you’ve been hacked. “If the last 10 to
15 years of spying has been interception, search and seizure, and
detaining, this is the future of government spying,” says Privacy
International deputy director Eric King. “Detekt
has only been up for a day, and I know there’s already been
hundreds of thousands of hits on the website. My inbox is full of
people who have been infected.” Anyone can freely download
Detekt’s open-source
software, but if the
tool does detect spyware, getting rid of it is another matter
entirely. The Detekt website does link to instructions to
help people clear their machines, but it’s also no safeguard
against the NSA or GCHQ’s sophisticated mass surveillance methods,
the likes of which were revealed by Edward Snowden in June of 2013.”

Fidgeting,
whistling, sweaty palms. These are just a few of the suspicious
signs that the Transportation Security Administration directs its
officers to look out for in airport travelers, according to a
confidential document obtained exclusively by The Intercept.

It’s disconcerting when you consider just how much your bank or
credit card company can see without even really trying: everywhere
you shop, eat, and play—right down to how much you spend and when.
(Suddenly, even Uber’s
God View doesn’t seem so scary.)

Capital One is developing an app called Ideas—an optional
stand-alone app from their main one—that mines customers’
spending histories to offer them relevant deals and events (for which
Capital One takes no cut). Each day, it produces a short,
personalized list of coupons (like save 10% at J. Crew) and things to
do (like check out The Book of Mormon), all translated to a
short, image-forward list you swipe through, kind of like Tinder. If
a customer likes an event, she can save it to be reminded later. If
a customer likes a deal, he can virtually clip the coupon. And if
that coupon goes unspent, then shortly before it expires, Ideas will
SMS the customer to warn him about it.

…
The search giant is pooling resources and intellectual property with
Johnson
& Johnson to develop robots to assist surgeons. No financial
terms were disclosed. J&J
said in a statement that the deal is expected to close in the
second quarter and has to be reviewed by antitrust authorities.

Google
reckons it can use its machine-vision and image-analysis software to
help surgeons see better as they operate or make it easier for them
to get information that’s relevant to the surgery.

Perspective.
Lest you think all drones are the size of model airplanes.

Facebook's
Internet-Beaming Aquila Drone Has Wingspan Of A Boeing 737, Will Take
Flight This Summer

…
The drones are capable of cruising at an altitude of 60,000 to
90,000 feet, and can stay aloft for months at a time thanks to solar
panels embedded in the massive wings and onboard lithium-ion
batteries. Each drone will be capable of “[beaming] down backbone
Internet access” to people across the globe — those who otherwise
wouldn’t have easy access to Internet connectivity — as part of
Facebook’s Internet.org
efforts. According to Facebook’s estimates, there are anywhere
from 1.1 billion to 2.8 billion people on the planet that
don’t have access to the Internet.

This
could be very interesting. Imagine replacing the redacted text with
your own words (à la Woody Allen's “What's Up, Tiger Lily?”)

Follow
up to previous posting – the StingRay
surveillance device intercepts cellphone signals and captures texts,
calls, emails and other data – via Slate,
via TheBlot:
A heavily redacted copy of the 2010 manual for StingRay and KingFish
mobile data surveillance equipment was released by the FCC in
response to a FOIA request by TheBlot over the strong objections of
the equipment manufacturer. Matthew Keys for TheBlot: “On March 23
— more than six
months after the request had been filed and two months after the
January call — the FCC
delivered a heavily redacted user manual covering the StingRay,
StingRay II and KingFish devices. The
manual, which appears to be the same copy submitted to the FCC by
Harris in 2010, reveals the StingRay and KingFish equipment are
likely individual
components that comprise a cellphone surveillance kit
marketed and sold to police. The manual indicates the StingRay and
KingFish devices are sold as part of a larger surveillance kit that
includes third-party software and laptops. Tables that contain the
names of the other equipment are redacted in the copy provided by the
FCC, but other records reviewed by TheBlot indicate the laptops are
manufactured
by Dell and Panasonic, while the software is designed
by Pen-Link, a company that makes programs for cellphone
forensics. Numerous warnings note that the manual is “confidential,”
“not for public inspection” and contains information that falls
under the purview of the International Traffic in Arms Regulation
(ITAR), a federal statute that prohibits certain defense information
and equipment from being distributed outside the United States.
Harris also warns that the manual “may be provided only to …
government law enforcement agencies or communication service
providers,” and that the document contains material related to a
“restricted use item” that is “associated with the monitoring
of cellular transmissions.” (The latter phrasing appears clearly
in one section of the manual, despite being redacted on other pages.)
None of the redactions made to the document were explained by the
FCC as information withheld pursuant to national security interests.
Instead, the FCC explained its redactions through Exemption 4 of the
FOIA law, which protects the release of trade secrets and certain
confidential business information submitted to the government.”

…
Enrollment at the University of Phoenix is down by over 50% over the
past 5 years, reports
CNN.

…
According
to a report released by the Education Department's National
Center for Education Statistics, “After taking grants into account,
the average full-time undergraduate in 2011–12 paid a net price of
$11,700 to attend a public two-year college and $18,000 for public
four-year college. Include loans, work-study and other forms of aid
and the out-of-pocket costs come in at $9,900 and $11,800,
respectively.”

…
“In
Defense of Snow Days” – according to research published by
Education Next, school closures due to bad weather have
little or no effect on student achievement. [Who
paid for that study? Bob]

Friday, March 27, 2015

Modern vehicles are powerful data-scraping machines, warns a group of
B.C. privacy advocates, and Canada urgently needs to regulate what
companies can do with the information cars send them.

The British Columbia Freedom of Information and Privacy Association
(FIPA) published
a 123-page report Wednesday, detailing what your vehicle might
know about you and who can access that information.

In the report, which is the culmination of a year’s worth of
research, the group calls for immediate action in creating standards
for “connected cars” — vehicles equipped with the Internet,
providing features like navigation and parking assistance, in-car
entertainment and a range of safety features.

U.S.
Senators Amy Klobuchar (D-MN) and John Hoeven (R-ND) reintroduced
their Driver Privacy Act, legislation that protects a driver’s
personal privacy by making it clear that the owner of a vehicle is
also the owner of any information collected by an Event Data Recorder
(EDR).

An
EDR is an onboard electronic device that has the ability to
continuously collect at
least 43 pieces of information about a vehicle’s
operation. This includes direction, speed, seatbelt usage and other
data. The senators’ legislation would ensure that the vehicle owner
controls the data and their personal privacy is protected.

As I
understand it, “stories” are investigated by local teams and then
the stars of 60 Minutes swoop in and do the “reporting.” This
would seem to create a real potential for error. If 60 Minutes can't
be held accountable, bloggers should be untouchable.

Executives
at Lumber Liquidators, the controversial discount floor retailer, are
telling investors they are feeling so emboldened by a recent
regulatory announcement they may sue the news program “60 Minutes”
over its reporting that raised issues about the safety of the
company’s products, the FOX Business Network has learned.

On
Wednesday, the U.S. Consumer Product Safety Commission (CPSC)
announced it will conduct an investigation into the company’s
laminate flooring. However, the agency said it would not use the
same “destructive” testing method used by '60 Minutes.'

…
The deconstructive method for testing flooring is conducted by
taking the product apart, and then testing each individual piece for
the toxin. But the safety commission said Wednesday it would be
testing only the finished goods, similar to the methods Lumber
Liquidators uses, and one in which the carcinogen level in the
flooring appears much lower.

We
seem to be heading toward e-Textbooks. I wonder what those
all-in-one printers that “print and bind a book” cost?

“A new book called Words
Onscreen: The Fate of Reading in a Digital World cites surveys
that say that young readers increasingly prefer to read books from
paper, not screens. More than that, though, they find ebooks and
printed books complementary. Printed
books are good for protracted reading and comprehension. Ebooks are good for
subsequent reference and convenient access. I started
arguing this in 2008, and it certainly reflects my own
experience. The future
composts the past. [What
the hell does that mean? Bob] The advent of films made
it possible for performances that couldn’t work onstage to be born
and it moved all the plays that were uncomfortable fits onstage to
the screen. What it left behind were plays that were more like plays
— and a theater industry that’s still going strong, even if it’s
dwarfed by the screen. By the same token, books are becoming more
booklike. Books that work best as ebooks — for example, big
reference books; but also short works that are too slight to rest
comfortably on their own between covers — are moving to ebook-land.
Things that are produced as printed books have passed a test in
which someone has asked, “Is there an important reason for this to
exist in print, instead of exclusively onscreen?”

Cybercriminals
in Asia are taking advantage of smartphones and mobile malware to
rake in significant profits through sextortion schemes, a report from
Trend Micro has found.

In
sextortion cases, a victim is lured into performing explicit acts
that are secretly recorded and then blackmailed with the video. In
a new report, researchers at Trend Micro detailed how these
sextortion gangs are operating. In one case, police in Japan
arrested two men suspected of being part of a gang that stole at
least ¥3.5 million (US$29,204.88) from 22 victims between December
2013 and January 2014.

Might
be fun to see if this is related to population (if so, why is India
not number one) or

A
new report from Akamai Technologies names China as the top source of
attack traffic on the Web.

In
its 'Fourth
Quarter, 2014 State of the Internet Report', Akamai cited China
as the originator of 41 percent of observed attack traffic.
According to the report, during the fourth quarter of last year
Akamai observed
attack traffic originating from 199 unique countries and regions.
Out of the 199, China was the clear leader of the pack, accounting
for more than triple the amount originating from the U.S.

…
"The
overall concentration of observed
attack traffic decreased in the fourth quarter, with the top 10
countries/regions originating 75% of observed attacks, down from 84%
and 82% in the second and third quarters, respectively,"
according to the report. [Everyone
is getting into the act. Bob]

For
my Computer Security students. Remember, it's your job to fix each
of these! (Assuming you work 50 weeks each year, you need to fix
roughly 62 vulnerabilities every day.)

IT
security solutions provider Secunia today published its annual
vulnerability review. The report provides facts and details on the
security flaws uncovered in 2014.

According
to the security firm, a total of 15,435 vulnerabilities were
identified in 2014 in 3,870 applications from 500 vendors. This
represents an 18 percent increase compared to the previous year, and
a 55 percent increase over five years.

Knowing
is not as effective as nagging? Good News/Bad News: Here is a good
way to educate users about privacy, and then the App gets discontinued.
Sounds like a business opportunity I should run by my students.

Many smartphone users know that free apps sometimes share private
information with third parties, but few, if any, are aware of how
frequently this occurs. An experiment at Carnegie Mellon University
shows that when people learn exactly how many times these apps share
that information they rapidly act to limit further sharing.

In one phase of a study that evaluated the benefits of app permission
managers – software that gives people control over what sensitive
information their apps can access – 23 smartphone users received a
daily message, or “privacy nudge,” telling them how many times
information such as location, contact lists or phone call logs had
been shared.

Some nudges were alarming. One notable example: “Your location has
been shared 5,398 times with Facebook, Groupon, GO Launcher EX and
seven other apps in the last 14 days.”

In interviews, the research subjects repeatedly said the frequency of
access to their personal information caught them by surprise.

… “The vast majority of people have no clue about what’s
going on,” said Norman
Sadeh, a professor in the School of Computer Science’s
Institute for
Software Research. Most smartphone users, in fact, have no way
of obtaining this data about app behavior. But the study shows that
when they do, they tend to act rapidly to change their privacy
settings.

… An app permission manager allows smartphone users to decide
which apps have access to personal information and sensitive
functionality. The study used a permission manager for Android 4.3
called AppOps.

… When the participants were given access to AppOps, they
collectively reviewed their app permissions 51 times and restricted
272 permissions on 76 distinct apps. Only one participant failed to
review permissions.

But once the participants had set their preferences over the first
few days, they stopped making changes. When they began getting the
privacy nudges, however, they went back to their privacy settings and
further restricted many of them.

… Sadeh said when people download an Android app, they are told
what information the app is permitted to access, but few pay much
attention, and fewer understand the implications of those
permissions.

“The fact that users respond to privacy nudges indicates that they
really care about privacy, but were just unaware of how much
information was being collected about them,” Sadeh said.

The AppOps software was
discontinued on later versions of Android. While iPhones
do have a privacy
manager, it does not tell users how often their information is
used or for what purpose and does not nudge users to regularly review
their settings.

Whether you call Edward Snowden a traitor or a whistle-blower, he
earned one label about which there’s no debate: insider threat.

Guarding against such risks
is an expanding niche in the security industry, with at
least 20 companies marketing software tools for tracking and
analyzing employee behavior. “The bad guys helped us,” says Idan
Tendler, the founder and chief executive officer of Fortscale
Security in San Francisco. “It started with Snowden, and people
said, ‘Wow, if that happened in the NSA, it could happen to us.’ ”

[…]

Companies are also realizing that tracking insiders may improve their
odds of catching outside hackers.

The FBI can no longer withhold thousands of pages of surveillance
files of Muslim communities by claiming the “law enforcement”
exemption of the Freedom of Information Act, a federal judge ruled
Monday.

U.S. District Judge Richard Seeborg found that the exemption “is
not the appropriate umbrella under which to shield these documents
from public view.”

The American Civil Liberties Union, the Asian Law Caucus and the San
Francisco Bay Guardian in 2010 requested records concerning the FBI’s
investigation and surveillance of Muslim communities in Northern
California.

Although
the FBI submitted a lengthy declaration describing how the type of
documents it withheld advance law enforcement interests, it did not
sufficiently "establish a rational nexus between the enforcement
of a federal law and the documents for which it claims Exemption 7
applies," Seeborg wrote in a 7-page ruling.

…
"The FBI's refrain at oral argument that many of the withheld
documents do not relate to
particular investigations, and thus cannot be linked to
any particular provision of law, only serves to emphasize the point
that Exemption 7 is not the appropriate umbrella under which to
shield these documents from public view," Seeborg wrote.

Federal
regulators are pushing back against suggestions that they gave Google
a free pass under antitrust law, potentially out of deference to the
Obama administration.

After
stories in the Wall Street Journal showing that Federal Trade
Commission (FTC) staff urged the agency to take action against the
Web giant — which it ultimately did not — and detailing Google’s
close ties to the White House, members of the FTC are pushing back.

…
Before we start, I just need to point something out. Obviously
there are numerous social media sites out there — too many to
count. So to make things easy, in this article, I am just going to
go with Twitter. However, the principles below apply to any
social media site. Twitter not your gig? Then take the
advice below and apply it/adapt it to that site.

Why
would this be funny? It is exactly the techno-babble Economists
speak!

Wednesday, March 25, 2015

The FBI, New Jersey State Police, county and local investigators are
on the trail of hackers who hijacked a Gloucester County school
district’s computer network, demanding a ransom payment to make it
usable again.

The Superintendent of the Swedesboro-Woolwich
School District says the unidentified hackers are
demanding a payment of 500 bitcoins, the equivalent of $128,000, to
return the computer system to working condition.

… At this point there appears to be no data breach. The files
affected were mainly word documents, excel spreadsheets and .pdf
files created by staff members. Data for the student information
system as well as other applications is stored offsite on hosted
servers and was not affected by the virus.

Encrypted files were restored from backup to their original state.
Servers were restored to remove any trace of the malware. Email and
other systems are being restored as quickly as possible.

OK,
but what’s this nonsense from the Superintendent that “Without
working computers, teachers cannot take attendance, access phone
numbers or records, and students cannot purchase food in cafeterias.”

Gee,
I remember the days when teachers took attendance by checking off our
names on paper charts, when our phone numbers were on index cards in
the school office, and we paid cash for food in the cafeteria. Are
schools TOO reliant on technology now? Seems so if they can’t
figure out how to operate without computers.

The
Superintendent says, without Smartboards, students Monday used pens,
pencils and papers, going back to, what he described, “education as
it was 20 or 30 years ago.”

LUXEMBOURG—In a gold-curtained courtroom here, a debate is playing
out over the transfer of personal data used for billions of dollars
in digital advertising.

The European Court of Justice—the European Union’s top
court—heard arguments Tuesday in the biggest threat yet to a legal
mechanism that allows Facebook Inc. and thousands of other firms to
transfer European personal data to U.S.-based servers.

Following revelations of widespread surveillance by the U.S. National
Security Agency, plaintiff Max Schrems, an Austrian law student, made
the case that the EU-U.S.
agreement, called Safe Harbor, no longer guarantees the privacy of
European residents. He was supported by lawyers
representing the governments of Belgium, Poland and Austria.

When the Supreme Court ruled in 2012 that affixing GPS devices to
vehicles to track their every move without court warrants was an
unconstitutional trespass, the outcome was seen as one of the biggest
high court decisions in the digital age.

That precedent,
which paved the way for the disabling of thousands of GPS devices
clandestinely tacked onto vehicles by the authorities, is now being
invoked to question the involuntary placement of GPS devices onto
human beings.

a free e-book of roughly
20,000 words providing an overview of practice
technology in a generic law practice;

licensed under a Creative
Commons Share-alike license so that faculty can
repurpose it however they like;

an e-book for law students looking for something longer
than blog posts or even long form law practice
technology articles;

intended to be practical, flavored heavily with my own opinions
about law practice technology and data that I rely on myself when
thinking about legal technology. I realize I’m not a practicing
lawyer, and for those who find this text lacking because of that, I
encourage them to enhance it and share their own knowledge;

version 1, and it may be a bit rough (and use a bit more editing)
but I hope it will continue at least to version 2.

In
some respects, this was a bit of mental clearing of the decks. It’s
been percolating for awhile and is ready to be public, if not
published. I’m hoping it will be useful to someone. You can read
the entire text here: http://books.ofaolain.com/legaltech/
although you may find my server slow. You can download the EPUB
version or MOB
versions too.”

We
would need slightly larger drones, but... If we apply the algorithms
used in self-driving cars, we could have “flying cars” by
Christmas!

Amazon.com
is not pleased with the pace by which the Federal Aviation
Administration is addressing the commercial use of drones and it let
the public know in a congressional hearing on Tuesday.

In a
Washington, D.C. meeting with Senate members of the Subcommittee on
Aviation, Operations, Safety and Security, Paul Misener, Amazon’s
vice president of global public policy, criticized the FAA for
lacking “impetus” to develop timely policies for the operations
of unmanned aerial systems (UASs or UAVs).

…
Misener stressed the differences between the
U.S. and places like Europe,
where the company is already testing outdoors in the United Kingdom.
“Nowhere outside of the United States have we been required to wait
more than one or two months to begin testing,” he said.

…
Politicians say they need suitable
hardware to do their work properly — but the new scheme has run
into criticism. "Locking some of the most powerful people in
the country into a platform that most of my constituents can't afford
seems like a mistake," said
Shadow Cabinet Office minister Chi Onwurah. "And that's
without mentioning the tax avoidance issue.

…
Some of the 209 MPs who already own iPads have been caught using
them in a way that's definitely not intended. Nigel Mills was
photographed using his to play Candy Crush over a period of two
and a half hours during a committee meeting on pension reforms.

You
can now play an online version of the legendary Roland
TR-808 drum machine, the real-world version of which was used by
such artists as the Beastie Boys, Outkast, and Kanye West.

The
online HTML5 version features all of the real percussion sounds,
which you can adjust to your heart’s content. And when you’re
happy with your hip-hop bassline, you can export it as a WAV file.
[H/T FACT
Magazine]

This
afternoon I received a lengthy email (a three page attachment came
with it) from someone who really did not like that I have promoted
EasyBib,
RefME,
and other bibliography creation tools over the years. The reader
seemed to take most offense to my recent
post about Google Docs Add-ons in which I included the EasyBib
Add-on. The reader rightly pointed out that those tools don't always
format citations perfectly.

Granted
those tools aren't always perfect in their formatting of citations (I
have pointed out some of those flaws in my webinars and workshops
over the years), but I think they are still valuable
because they help get students into the habit of citing their sources
of information and keeping a record of the sources they use.
Furthermore, if EasyBib, RefME, or one of the other bibliography
generators does make a mistake you can turn that into a teaching
opportunity with your students. Point out the flaw and how to
correct it.

Finally,
we can tell students not to use bibliography creation tools but they
are going to find them and try to use them anyway. The same can be
said for Wikipedia, but that's a conversation for another day. I
would rather tell students about bibliography creation tools and
teach them how to recognize if the tool made an error than I would
pretend that students aren't going to use the tools.

Tuesday, March 24, 2015

While we can’t name any particular names at this time we have
started seeing indicators of another related attack originating
out of China aimed at US Healthcare entities. This time
another well known affiliate of a previously breached healthcare
entity appears to be attacking other Healthcare entities in
California and Arizona.

…
it appears as though a new malware variant is being sent via
Phishing emails and they are coming from other healthcare entities so
it appears as legitimate traffic which may be problematic as they
may be assumed to be trusted entities.

He
notes that Texas law "allows CRAs to charge a 'reasonable fee,'
not to exceed $10.00, for placing a security freeze, [but] does not
make the CRAs' duty to place the security freeze within five business
days conditional on the payment of the charge, nor does it allow CRAs
to delay placing the security freeze until after the charge is paid,"
the complaint states, abbreviating credit-reporting agencies.

Shocking!
A government that is preparing to defend its citizens. Who would
have thought that possible?

Canada’s electronic surveillance agency has secretly developed an
arsenal of cyber weapons capable of stealing data and destroying
adversaries’ infrastructure, according to newly revealed classified
documents.

Communications Security Establishment, or CSE, has also covertly
hacked into computers across the world to gather intelligence,
breaking into networks in Europe, Mexico, the Middle East, and North
Africa, the documents show.

A
survey of parents with school-age children in Boston shows parents
see many benefits from in-school internet access, with more than 80
percent stating that in-school internet access helps students
develop the necessary skills to gain employment and participate in
the global economy. However, a majority of parents are unaware that
technology companies may be tracking their children’s internet use
at school. This demonstrates the importance of and need for stronger
protections to prevent student data mining and online tracking in
Boston schools.

…
The findings are based on a survey conducted between January 2015
and February 2015 of parents with school-age children in Boston. For
more detailed results, please visit: http://bit.ly/1O7xntD

The
new Office of Technology Research and Investigation (OTRI) is a
successor to the FTC’s Mobile Technology Unit, which was created in
2012 to handle consumer issues related to mobile devices, including
children’s privacy and mobile shopping data-use policies.

But
the OTRI has a broader mandate and is
hiring more technologists (its predecessor only had one) to
examine privacy and security issues related to “connected cars,
smart homes, algorithmic transparency, emerging payment methods, big
data, and the Internet of Things,” according to FTC Chief
Technologist Ashkan Soltani.

But
exactly how much the OTRI will be able to do beyond researching these
areas isn’t clear. In general, the FTC is limited to pursuing
companies that misrepresent what they do or engage in false
advertising. As a result, the FTC’s privacy enforcement actions
have largely consisted of going after retailers who have violated
their own published privacy policies. (The one exception to that is
marketing online to children, which is covered by the Children’s
Online Privacy Protection Act. That puts
much more stringent limits on what information website operators
can collect from children under age 13, and how it must be handled.)

Would
Hitler have wanted people to post who they voted for? Would Benito
Mussolini have tweeted photos with voters? Would Francisco Franco
have Instagrammed a ballot with a check next to his name? These are
the questions I was asking myself after listening to a recent
NPR story on the controversy brewing around “ballot selfies.”

…
While considerable debate exists with regard to the best strategies
for protecting America’s various cyber-systems and promoting
cybersecurity, one point of general agreement amongst cyber-analysts
is the perceived need for enhanced and timely exchange of
cyber-threat intelligence both within the private sector and between
the private sector and the government.

…
this report examines the various legal issues that arise with
respect to the sharing of cybersecurity intelligence, with a special
focus on two distinct concepts: (1) sharing of cyber-information
within the government’s possession and (2) sharing of
cyber-information within the possession of the private sector.

With
regard to cyber-intelligence that is possessed by the federal
government, the legal landscape is relatively clear: ample legal
authority exists for the Department of Homeland Security (DHS) to
serve as the central repository and distributor of cyber-intelligence
for the federal government. Nonetheless, the legal authorities that
do exist often overlap, perhaps resulting in confusion as to which of
the multiple sub-agencies within DHS or even outside of DHS should be
leading efforts on the distribution of cyber-information within the
government and with the public.

…
With regard to cyber-intelligence that is possessed by the private
sector, legal issues are clouded with uncertainty. A private entity
that wishes to share cyber-intelligence with another company, an
information sharing organization like an Information Sharing and
Analysis Organization (ISAO) or an Information Sharing and Analysis
Centers (ISAC), or the federal government may be exposed to civil or
even criminal liability from a variety of different federal and state
laws.

…
concerns may arise with regard to how the government collects and
maintains privately held cyber-intelligence, including fears that the
information disclosed to the government could (1) be released through
a public records request; (2) result in the forfeit of certain
intellectual property rights; (3) be used against a private entity in
a subsequent regulatory action; or (4) risk the privacy rights of
individuals whose information may be encompassed in disclosed
cyber-intelligence.

The report concludes by examining the major legislative
proposals—including the Cyber Intelligence Sharing and Protection
Act (CISPA), Cybersecurity Information Sharing Act (CISA), and the
Cyber Threat Sharing Act (CTSA)—and the potential legal issues that
such laws could prompt.”

My students have convinced me this could be more important than a
resume. Especially the social networking bit.

…
Developing and building your personal brand is an important part of
deciding how you want to be known in your workplace, industry and
life. Below are four important steps you can take to start building
your personal brand today.

(Related)
Perhaps if the campaign is mostly on social networks we might see
fewer TV ads? Nah.

Ted Cruz’s Monday morning announcement that he was running
for president sent a jolt through political circles — and their
Facebook friends.

The Texas Republican senator’s announcement sparked 5.7 million
comments, likes and other conversations among 2.2 million people on
the global social network on Monday, according to Facebook. That’s
more than 30 times the average number of people who have talked about
Cruz in the last three months.

…
Cruz, who has significant appeal among conservatives, has found a
winning message on some social media sites.

Monday, March 23, 2015

If the police were relying on “encryption in a box” they don't
understand security. If everyone uses the same encryption, loss of
one machine compromises everyone. Even after the Poles stole an
Enigma machine from the Germans in 1939 it took years to reliably
decrypt messages.

Theft of an electronic instrument worth around Rs 3 lakh [$4816.53 –
Dissent] from the building of Dang district superintendent of police,
Ahwa, has
created panic among top national security agencies. Sources in
police claim that the stolen device is a decoder of encrypted secret
code language used by intelligence agencies to exchange top secret
information.

The device is called Cipher or N-decoder and only
government-authorized agencies can procure it. [and
the occasional burglar. Bob] Naxal activities were
reported from Dang in the recent past and theft of this device has
created a major challenge for police. All the top security agencies,
part of armed forces, police or special operation groups use these
devices to receive and share information.

Vladimir Putin’s recent disappearance from public view for over a week fed
wild rumors about a possible coup and his removal from power.

…
The story of the coup has revealed something very interesting about
the secretive world of Russian politics. First of all, when the
rumors first surfaced the population remained calm. Forget Mr.
Putin’s 85% approval rating, there were no demonstrations and no
visible signs of any reaction on the part of the Russian people.
They remained silent. Second, media comments also did not reveal any
particular anxiety about the possible removal of Mr. Putin. One
could even sense a sigh of relief. Even the response from
the Russian nationalists was rather favorable. Igor Strelkov—the
former commander of the rebel army in the east of Ukraine—speculated
about the advantages of removing Putin from power.

Unfortunate that the law has so many holes in it that this is the only way to
avoid someone using these domains for “evil purposes.” I note
that she did not buy TaylorSwift.sucks which also becomes available
under the new domain name rules. What is their definition of a
“celebrity?” If someone takes my name in vain, do I have
recourse?

Here’s Why Taylor Swift Just Bought Some Porn Sites with Her Name on Them

Taylor Swift has a very good reason for quickly snapping up new websites
TaylorSwift.porn and TaylorSwift.adult. She bought them so that neither you,
nor anyone on her long list of ex-lovers could buy them first. The
purchase is part of a larger controversial
practice called “domain squatting” and it just became a much
bigger issue for celebrities and corporations.

…
Among those new gTLDs are some salacious options like .porn, .sucks,
and .adult so ICANN is allowing celebrities and corporations
(basically anyone with a brand or trademark to protect), to get first
dibs on the more controversial gTLDs before they become available to
any and everyone on June 1st.

I hope my students could write better raps. I know they could sing
better raps. Now all they need to do is learn the math!

Rhyme 'n Learn is a series of math and science lessons presented in
short rap music form. About half of the raps are provided in video
format with visuals to support the lesson. The other half of the
lessons are audio only, but do have transcripts available to help
your students or you follow along. A couple of the video raps are
embedded below.

Sunday, March 22, 2015

I could have done without this. We have people in this country who
listen to the voices in their head or the commands of the neighbor's
dog. Now we need to worry about these nuts passing them specific
targeting information? I hope someone is passing the details to
local law enforcement and trustworthy neighbors.

Islamic State hackers have posted the personal details of 100 U.S.
service members they claim took part in the bombing of ISIS targets
in Iraq, Syria, Yemen, Somalia and Afghanistan – and called on
homegrown radicals to strike back.

The group calling itself Islamic State Hacking Division allegedly
gathered the dossier from cracked military databases and made an open
call for “jihad against the crusaders” using JustPaste.it, a
Polish-based social network favored by ISIS propagandists.

First they said they’re looking into it. Now they’re saying
nothing happened.

The day before he was cut from cabinet on March 12, former Services
NL minister Tony Cornect denied there was ever a security breach at
the Office of the Chief Information Officer (OCIO).

The OCIO oversees information technology and security for the
government and government agencies, including health boards and the
police.

Their denials are challenged by the former security analyst who raised the
alarm originally:

“We know that there was two-way communication between the
government DNS servers and the server in the Czech Republic;
therefore, messages were exchanged. We may not know the significance
of these messages, but to argue that there were no messages is
disingenuous.”

…
Internal communications obtained by The Telegram show that while
Lorimer’s alerts about the breaches were acknowledged, they were
not acted upon for a week.

…
The OCIO said the matter was investigated at the time and that there
was no threat to security. But after Lorimer filed an information
request looking for the results of that investigation, the office
admitted no such report existed.

In November 2014, Cornect called for an external investigation into the
matter. That review was carried out by EWA-Canada. The findings
were submitted over a month ago, on Feb. 11.

I have contacted the OCIO in an attempt to obtain the report, and Lorimer
has filed an access-to-information request. But the department has
so far refused to release it.

“It's completely neutral except for the part that's not neutral.” Big
Cable Brother

HBO, Showtime, and Sony Corp. are jumping into online television. But
instead of putting their Web traffic on the public Internet’s main
thoroughfare, they want to be in a separate lane that would ensure
their content gets special treatment.

Those companies have talked to major broadband providers such as Comcast
Corp. about having their Web TV services treated as “managed”
services, according to people familiar with the discussions.

…
The Federal Communications Commission’s recently
approved net-neutrality rules, which go into effect in a few
months, bar broadband providers from accepting payment from companies
to favor their traffic. And the rules say the FCC “expressly
reserves the authority to take action” if it finds that specialized
services are “being used to evade the open Internet rules.”

But the agency has maintained that cable and phone companies can offer
certain specially managed services—digital phone and
video-on-demand, for example—that run on a dedicated slice of
bandwidth in the cable pipe that is separate from the portion
reserved for public Internet access.

…
At least one emerging online TV player, Dish Network Corp.’s Sling TV,
believes the managed-service
arrangement would be a negative overall. “It’s a bad thing for
consumers and a bad thing for innovation,” said Roger Lynch, Sling
TV’s chief executive, adding that big companies like Dish could
afford to cut special deals like this but small companies can’t.

“It makes a mockery of net neutrality,” he said, adding that Sling
would strike such a deal only “under duress,” if other companies
did first.

Curious. On the military side, we seem to be very opposed to becoming the
world's police force. DoJ does not seem to be worried about that at
all. Should we assume that the countries where these “law
breakers” live do not have laws they have broken? Would we allow
US citizens to be prosecuted under laws that do not exist in the US? Is
“offering for sale” proof of “intent to defraud?”

I’ve been posting some of the U.S. Department of Justice’s attempts to
justify their proposed amendments to cybersecurity laws. Here’s
how the most recent post in their series begins:

In the last of our series
on the need for limited updates to laws enhancing cybersecurity while
protecting individual rights, this post will describe a proposal that
is geared toward shutting down the international black market for
Americans’ stolen financial information.

[…]

Here is the problem. Current law makes it a crime to sell “access
devices” such as credit card numbers. The law allows the government to
prosecute offenders located outside the United States if the credit card
number involved in the offense was issued by an American company and
meets a set of additional requirements. In the increasingly international
marketplace for stolen financial information, however, these
requirements have proved increasingly unworkable in practice. The
government has to prove either that an “article” used in
committing the offense moved through the United States, or that the
criminal is holding his illicit profits in an American bank. But
when you steal only digital data, it’s not clear what “article”
could be involved. And of course, foreign criminals generally move
their money back to their home country.

About Me

I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.